Postcard From Jen Easterly's “Unsafe at Any CPU Speed” Lecture at Carnegie Mellon University

Read my reflection on CISA Director Jen Easterly's lecture at Carnegie Mellon University on the designed-in dangers of technology.

As a member of the Pittsburgh Technology Council, I receive invitations for many informative technology events within the Pittsburgh community.

On February 27, 2023, I attended one such event hosted by Carnegie Mellon University, featuring the honorable Jen Easterly, Director of the Cybersecurity & Infrastructure Security Agency (CISA). Her presentation was titled: Unsafe at any CPU Speed: The Designed-in Dangers of Technology and What We Can Do About It.

As someone with minimal computer science or software engineering experience, I felt that Director Easterly explained her key topics, including the normalization of technology risk acceptance and deviance, in a way that resonated with me.

She discussed her belief that unsafe technological design is often rooted in the manufacturing process. Most technology products, as she described, are “dangerous by design,” meaning products are not necessarily safe to use out of the box. 

Director Easterly discussed the security issues caused by technology manufacturers that knowingly prioritize speed-to-market, flashy features and cost-savings over safety and security when developing new products and services. Thus, these manufacturers may operate at the “accident boundary” line, knowingly pushing product safety and user security against the limit.

Going forward, Director Easterly advocates that safety and security must be crucial components of technology software design. If we continue to blame end-users rather than the “accident boundary” products themselves, we’re wrongly placing blame and not addressing the actual problem at hand. In her view, end-users are often treated as “crash test dummies” for these new products, and it’s just not sustainable. Technology manufacturers need to commit to prioritizing safety and security in whatever they do. 

To help manufacturers prioritize safety, Director Easterly shared CISA’s recent development of three core principles for them to abide by, including:

  1. Adopting the mindset that the burden of safety should not fall on customers
  2. Embracing radical transparency around the safety and security of products
  3. Explicitly focusing on secure by design and secure by default products

With this in mind, Director Easterly also says it is important to remember the burden does not entirely fall on manufacturers. The government has a role to play and so do the future generations of software engineers and computer science majors, who will be the next generation of technology product designers and developers.

And what about the end-users? We should make our demands for safer and more secure products known.

When a holistic culture of safety and security ubiquitously underpins technology product quality, we will have made significant strides in uplifting the security of our technological world.

Director Easterly’s message was clear - let’s make tech even better, and more importantly, safer!

About Schneider Downs Cybersecurity

The Schneider Downs cybersecurity practice consists of experts offering a comprehensive set of information technology security services, including penetration testing, intrusion prevention/detection review, ransomware security, vulnerability assessments and a robust digital forensics and incident response team. In addition, our Digital Forensics and Incident Response teams are available 24x7x365 at 1-800-993-8937 if you suspect or are experiencing a network incident of any kind. 

Want to be in the know? Subscribe to our bi-weekly newsletter, Focus on Cybersecurity, at www.schneiderdowns.com/subscribe

 To learn more, visit our dedicated Cybersecurity page.

You’ve heard our thoughts… We’d like to hear yours

The Schneider Downs Our Thoughts On blog exists to create a dialogue on issues that are important to organizations and individuals. While we enjoy sharing our ideas and insights, we’re especially interested in what you may have to say. If you have a question or a comment about this article – or any article from the Our Thoughts On blog – we hope you’ll share it with us. After all, a dialogue is an exchange of ideas, and we’d like to hear from you. Email us at [email protected].

Material discussed is meant for informational purposes only, and it is not to be construed as investment, tax, or legal advice. Please note that individual situations can vary. Therefore, this information should be relied upon when coordinated with individual professional advice.

© 2024 Schneider Downs. All rights-reserved. All content on this site is property of Schneider Downs unless otherwise noted and should not be used without written permission.

our thoughts on
Get the Low Down Before You Download: Exploring the Temu App’s Security Risks
Six-Figure Ransomware Attack Hits Washington County, PA
Romance Scams: Guarding Your Heart and Wallet
A First of Its Kind: The $25 Million Deepfake Scam
Fortifying Retail Security: Essential Cybersecurity Tools and Software
Defend Your Dollars and Data: How to Avoid IRS Impersonation Scams
Register to receive our weekly newsletter with our most recent columns and insights.
Have a question? Ask us!

We’d love to hear from you. Drop us a note, and we’ll respond to you as quickly as possible.

Ask us
contact us
Pittsburgh

This site uses cookies to ensure that we give you the best user experience. Cookies assist in navigation, analyzing traffic and in our marketing efforts as described in our Privacy Policy.

×